OpenFortress audits your security

Building secure systems is hard. Testing a system shows the presence of functionality, but it does not ensure the absence of holes in the security, because these usually show up in exceptional, untested scenarios. The only proper way to do audits is to go through a fixated system and systematically hunt for problems. It is a commonly principle to have an audit performed by someone with a clear mind, certainly not by the programmer of a system.

The goal of an audit is primarily to obtain feedback from a cryptographic angle. This can be used to verify a pre-built crypto-system against the rules of this knowledge-intensive domain. Feedback can range from proze to code, and can be acquired in the form of a number of hours worth of investigating an application.

The proper mindset for audits is one that mixes knowledge of practical systems such as web and email with a mathematical rigour. This combined mindset is rare. If policies surrounding the system must also be investigated, it becomes increasingly important to aid this mindset with social skills, which does not make things simpler. In short, auditing is a specialty service.

Subsidiary arrangements exist that may apply for Dutch companies; please lookup the Subsidie Kennisoverdracht ondernemingen at Senter for more information.

Our auditor is Rick van Rein, holding MSc and PhD degrees in computer science -- or in the European system, his title is dr.ir. Rick van Rein. He has the aforementioned rare mindset, and may be considered a technological heavy-weight. Rick is specialised in Un*x systems. Please visit his website for more information.